Netgate Discussion Forum

ipv6 dns opcode: QUERY, status: REFUSED

  • N
    netgate_etagten
    last edited by Sep 7, 2023, 4:02 PM

    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 25153
    ;; flags: qr rd ad; QUERY: 0, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
    ;; WARNING: recursion requested but not available

    Version 2.7.0-RELEASE (amd64)
    built on Wed Jun 28 03:53:34 UTC 2023
    FreeBSD 14.0-CURRENT

    Not fixed by https://forum.netgate.com/topic/176989/problems-with-pfsense-ipv6-dns-function-does-it-exist

    J 1 Reply Last reply Sep 7, 2023, 4:19 PM Reply Quote 0
    • J
      johnpoz LAYER 8 Global Moderator @netgate_etagten
      last edited by Sep 7, 2023, 4:19 PM

      @netgate_etagten that was fixed in https://redmine.pfsense.org/issues/13851

      And is listed as resolved, with a target of 2.7..

      Are you saying you're not seeing the ACL populated with IPv6 on your lan interface?

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.7.2, 24.11

      N 1 Reply Last reply Sep 8, 2023, 12:03 PM Reply Quote 0
      • N
        netgate_etagten @johnpoz
        last edited by Sep 8, 2023, 12:03 PM

        @johnpoz After reinstalling the system, I tested it and still failed. No other special services are available at this time.

        After a reboot:

        [three images]

        J 1 Reply Last reply Sep 8, 2023, 12:57 PM Reply Quote 0
        • J
          johnpoz LAYER 8 Global Moderator @netgate_etagten
          last edited by johnpoz Sep 8, 2023, 1:48 PM Sep 8, 2023, 12:57 PM

          @netgate_etagten if your IPv6 is not allowed then yes it will be refused..

          Let me fire up my 2.7 vm and put an IPv6 on it, and check the acl..

          edit: did you restart unbound? Here you see no IPv6 in the access list; I then added one, then restarted unbound, and there it is, the IPv6 prefix added to the access list

          accesslist.jpg

          Now I could go through all the hassle of routing actual GUA IPv6 to my VM running pfsense, but the issue is clearly it's going to refuse if not in the access list, and a restart of unbound creates it.. A ULA is fine in testing if the IPv6 prefix you have on your interface is added to the access list.

          So it doesn't really matter past that, but here I can query it, when I put IPv6 on my box..

          query.jpg


          N 1 Reply Last reply Sep 8, 2023, 3:46 PM Reply Quote 1
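
The access-list behaviour described in the post above, as an added example that is not part of the original thread and not pfSense's own code: it evaluates unbound `access-control:` lines the way unbound.conf(5) documents them (most specific netblock wins, everything except localhost refused by default) for an ACL without and with the LAN IPv6 prefix. The two ACL texts, the 2001:db8:0:1::/64 prefix and the client addresses are constructed sample values.

```python
import ipaddress

# Built-in defaults per unbound.conf(5): only localhost is allowed, the rest refused.
DEFAULTS = [("0.0.0.0/0", "refuse"), ("127.0.0.0/8", "allow"),
            ("::/0", "refuse"), ("::1/128", "allow")]

def parse_acl(conf_text):
    """Collect (network, action) pairs from 'access-control: <netblock> <action>' lines."""
    rules = [(ipaddress.ip_network(n), a) for n, a in DEFAULTS]
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line.startswith("access-control:"):
            continue
        fields = line.split(":", 1)[1].split()
        if len(fields) == 2:
            rules.append((ipaddress.ip_network(fields[0], strict=False), fields[1]))
    return rules

def acl_action(rules, client):
    """Return the action of the most specific netblock containing the client."""
    addr = ipaddress.ip_address(client.split("%", 1)[0])  # drop any zone id (fe80::1%re1)
    best_len, best_action = -1, "refuse"
    for net, action in rules:
        if net.version == addr.version and addr in net and net.prefixlen >= best_len:
            best_len, best_action = net.prefixlen, action
    return best_action

# Constructed sample: the ACL as seen at boot (no IPv6 LAN prefix yet) ...
ACL_AT_BOOT = """
access-control: 127.0.0.0/8 allow
access-control: ::1 allow
access-control: 192.168.1.0/24 allow
"""
# ... and after unbound is restarted once the LAN has its IPv6 prefix.
ACL_AFTER_RESTART = ACL_AT_BOOT + "access-control: 2001:db8:0:1::/64 allow\n"

if __name__ == "__main__":
    for label, conf in (("boot", ACL_AT_BOOT), ("restart", ACL_AFTER_RESTART)):
        rules = parse_acl(conf)
        for client in ("192.168.1.50", "2001:db8:0:1::50", "fe80::1234%re1"):
            print(label, client, acl_action(rules, client))
```

A client whose source address falls under `refuse` gets the `status: REFUSED` answer shown in the first post; a link-local source stays refused in both cases because no listed netblock covers fe80::/10.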
          • N
            netgate_etagten @johnpoz
            last edited by netgate_etagten Sep 8, 2023, 3:59 PM Sep 8, 2023, 3:46 PM

            @johnpoz
            Restarting unbound can fix it, but unbound is abnormal after system startup.

            Sep 8 23:08:42 unbound 45594 [45594:0] info: start of service (unbound 1.17.1).

            2023-09-08 23:08:36 dhcp6c 51544 failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory
            2023-09-08 23:08:36 dhcp6c 51544 failed initialize control message authentication
            2023-09-08 23:08:36 dhcp6c 51544 skip opening control port
            2023-09-08 23:08:37 dhcp6c 51649 Sending Solicit
            2023-09-08 23:08:38 dhcp6c 51649 Sending Request
            2023-09-08 23:08:38 dhcp6c 51649 dhcp6c Received REQUEST
            2023-09-08 23:08:38 dhcp6c 51649 add an address 20:0:0:0:0:0:e8f:6be1/64 on re0
            2023-09-08 23:08:38 dhcp6c 51649 status code for PD-0: success
            2023-09-08 23:08:39 dhcp6c 51649 restarting
            2023-09-08 23:08:39 dhcp6c 51649 Start address release
            2023-09-08 23:08:39 dhcp6c 51649 Sending Release
            2023-09-08 23:08:39 dhcp6c 51649 remove an address 20:0:0:0:0:0:e8f:6be1/64 on re0
            2023-09-08 23:08:39 dhcp6c 51649 dhcp6c Received RELEASE
            2023-09-08 23:08:39 dhcp6c 51649 status code: success
            2023-09-08 23:08:40 dhcp6c 51649 Sending Solicit
            2023-09-08 23:08:41 dhcp6c 51649 Sending Request
            2023-09-08 23:08:41 dhcp6c 51649 dhcp6c Received REQUEST
            2023-09-08 23:08:41 dhcp6c 51649 add an address 20:0:0:0:0:0:e8f:6be1/64 on re0
            2023-09-08 23:08:41 dhcp6c 51649 status code for PD-0: success
            2023-09-08 23:08:41 dhcp6c 51649 Sending Solicit
            2023-09-08 23:08:42 dhcp6c 51649 advertise contains NoAddrsAvail status
            2023-09-08 23:08:42 dhcp6c 51649 Sending Solicit
            2023-09-08 23:08:43 dhcp6c 51649 advertise contains NoAddrsAvail status
            2023-09-08 23:08:44 dhcp6c 51649 Sending Solicit
            2023-09-08 23:08:45 dhcp6c 51649 advertise contains NoAddrsAvail status
            2023-09-08 23:08:48 dhcp6c 51649 Sending Solicit
            2023-09-08 23:08:49 dhcp6c 51649 advertise contains NoAddrsAvail status
            2023-09-08 23:08:56 dhcp6c 51649 Sending Solicit
            2023-09-08 23:08:56 dhcp6c 51649 advertise contains NoAddrsAvail status
            2023-09-08 23:09:10 dhcp6c 51649 Sending Solicit
            2023-09-08 23:09:11 dhcp6c 51649 advertise contains NoAddrsAvail status
            2023-09-08 23:09:25 dhcp6c 51649 restarting
            2023-09-08 23:09:25 dhcp6c 51649 Start address release
            2023-09-08 23:09:25 dhcp6c 51649 Sending Release
            2023-09-08 23:09:25 dhcp6c 51649 failed to remove an address on re0: Can't assign requested address
            2023-09-08 23:09:25 dhcp6c 51649 dhcp6c Received RELEASE
            2023-09-08 23:09:25 dhcp6c 51649 status code: success
            2023-09-08 23:09:27 dhcp6c 51649 Sending Solicit
            2023-09-08 23:09:28 dhcp6c 51649 Sending Request
            2023-09-08 23:09:28 dhcp6c 51649 dhcp6c Received REQUEST
            2023-09-08 23:09:28 dhcp6c 51649 add an address 20:0:0:0:0:0:e8f:6be1/64 on re0
            2023-09-08 23:09:28 dhcp6c 51649 status code for PD-0: success
            2023-09-08 23:09:30 dhcp6c 51649 Sending Solicit
            2023-09-08 23:09:31 dhcp6c 51649 advertise contains NoAddrsAvail status
            2023-09-08 23:09:31 dhcp6c 51649 Sending Solicit
            2023-09-08 23:09:32 dhcp6c 51649 advertise contains NoAddrsAvail status
            2023-09-08 23:09:34 dhcp6c 51649 Sending Solicit
            2023-09-08 23:09:34 dhcp6c 51649 advertise contains NoAddrsAvail status
            2023-09-08 23:09:38 dhcp6c 51649 Sending Solicit
            2023-09-08 23:09:38 dhcp6c 51649 advertise contains NoAddrsAvail status
            2023-09-08 23:09:47 dhcp6c 51649 Sending Solicit
            2023-09-08 23:09:47 dhcp6c 51649 advertise contains NoAddrsAvail status
            2023-09-08 23:10:06 dhcp6c 51649 Sending Solicit
            2023-09-08 23:10:06 dhcp6c 51649 advertise contains NoAddrsAvail status
            2023-09-08 23:10:42 dhcp6c 51649 Sending Solicit
            2023-09-08 23:10:42 dhcp6c 51649 advertise contains NoAddrsAvail status
            2023-09-08 23:11:52 dhcp6c 51649 Sending Solicit
            2023-09-08 23:11:52 dhcp6c 51649 advertise contains NoAddrsAvail status
            2023-09-08 23:13:42 dhcp6c 51649 Sending Solicit
            2023-09-08 23:13:42 dhcp6c 51649 advertise contains NoAddrsAvail status
            2023-09-08 23:15:41 dhcp6c 51649 Sending Solicit
            2023-09-08 23:15:42 dhcp6c 51649 advertise contains NoAddrsAvail status
            2023-09-08 23:17:49 dhcp6c 51649 Sending Solicit
            2023-09-08 23:17:49 dhcp6c 51649 advertise contains NoAddrsAvail status
            2023-09-08 23:19:54 dhcp6c 51649 Sending Solicit
            2023-09-08 23:19:54 dhcp6c 51649 advertise contains NoAddrsAvail status

            Why doesn't unbound use IPv6 Link Local?

            G 1 Reply Last reply Sep 8, 2023, 3:53 PM Reply Quote 0
            • G
              Gertjan @netgate_etagten
              last edited by Sep 8, 2023, 3:53 PM

              @netgate_etagten

              This page / log : Status > System Logs > System > DNS Resolver
              as I presume you are looking for unbound logs in the DHCP logs, you won't find any.

              No "help me" PM's please. Use the forum, the community will thank you.
              Edit : and where are the logs ??

              N 1 Reply Last reply Sep 8, 2023, 3:58 PM Reply Quote 0
              • N
                netgate_etagten @Gertjan
                last edited by Sep 8, 2023, 3:58 PM

                @Gertjan I'm looking for lan ipv6 generation time

                Sep 8 23:08:34 unbound 45594 [45594:0] notice: init module 0: validator
                Sep 8 23:08:34 unbound 45594 [45594:0] notice: init module 1: iterator
                Sep 8 23:08:34 unbound 45594 [45594:0] info: start of service (unbound 1.17.1).
                Sep 8 23:08:41 unbound 45594 [45594:0] info: generate keytag query _ta-4f66. NULL IN
                Sep 8 23:08:41 unbound 45594 [45594:1] info: generate keytag query _ta-4f66. NULL IN
                Sep 8 23:08:42 unbound 45594 [45594:0] info: service stopped (unbound 1.17.1).
                Sep 8 23:08:42 unbound 45594 [45594:0] info: server stats for thread 0: 1 queries, 0 answers from cache, 1 recursions, 0 prefetch, 0 rejected by ip ratelimiting
                Sep 8 23:08:42 unbound 45594 [45594:0] info: server stats for thread 0: requestlist max 0 avg 0 exceeded 0 jostled 0
                Sep 8 23:08:42 unbound 45594 [45594:0] info: server stats for thread 1: 6 queries, 0 answers from cache, 6 recursions, 0 prefetch, 0 rejected by ip ratelimiting
                Sep 8 23:08:42 unbound 45594 [45594:0] info: server stats for thread 1: requestlist max 2 avg 1.16667 exceeded 0 jostled 0
                Sep 8 23:08:42 unbound 45594 [45594:0] notice: Restart of unbound 1.17.1.
                Sep 8 23:08:42 unbound 45594 [45594:0] notice: init module 0: validator
                Sep 8 23:08:42 unbound 45594 [45594:0] notice: init module 1: iterator
                Sep 8 23:08:42 unbound 45594 [45594:0] info: start of service (unbound 1.17.1).
                Sep 8 23:08:44 unbound 45594 [45594:0] info: generate keytag query _ta-4f66. NULL IN
                Sep 8 23:08:44 unbound 45594 [45594:1] info: generate keytag query _ta-4f66. NULL IN
                Sep 8 23:36:10 unbound 77967 [77967:0] notice: init module 0: validator
                Sep 8 23:36:10 unbound 77967 [77967:0] notice: init module 1: iterator
                Sep 8 23:36:10 unbound 77967 [77967:0] info: start of service (unbound 1.17.1).
                Sep 8 23:36:15 unbound 77967 [77967:0] info: generate keytag query _ta-4f66. NULL IN

                J 1 Reply Last reply Sep 8, 2023, 4:50 PM Reply Quote 0
                • J
                  johnpoz LAYER 8 Global Moderator @netgate_etagten
                  last edited by johnpoz Sep 8, 2023, 4:53 PM Sep 8, 2023, 4:50 PM

                  @netgate_etagten kind of hard to generate an IPv6 on your lan if you didn't get one on your wan..

                  advertise contains NoAddrsAvail status, or at least you're not getting a PD.

                  I take it you edited this to hide the actual IP you're getting 20:0:0:0:0:0:e8f:6be1, cause that sure isn't valid ;)


                  N 1 Reply Last reply Sep 9, 2023, 2:21 AM Reply Quote 0
                  • N
                    netgate_etagten @johnpoz
                    last edited by netgate_etagten Sep 9, 2023, 2:37 AM Sep 9, 2023, 2:21 AM

                    @johnpoz
                    So I need to add the lan port ipv6 link local in unbound to ensure that it can work normally after the system restarts?

                    NoAddrsAvail because the acquired status is not released, and I don’t understand why dhcp6c needs to reacquire the address.

                    J 1 Reply Last reply Sep 9, 2023, 2:52 AM Reply Quote 0
                    • J
                      johnpoz LAYER 8 Global Moderator @netgate_etagten
                      last edited by Sep 9, 2023, 2:52 AM

                      @netgate_etagten said in ipv6 dns opcode: QUERY, status: REFUSED:

                      why dhcp6c needs to reacquire the address.

                      Did you try setting this

                      https://docs.netgate.com/pfsense/en/latest/config/advanced-networking.html#do-not-allow-pd-address-release


                      1 Reply Last reply Reply Quote 0
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.